Cookie Law May 2012 explained

Hello..... I'm Andrew Libra MD of BBI and I'm going to talk about Cookies and the impact these are likely to have on websites both here in the UK and in the wider EU from May 2012. Do I need to know about this? If you are responsible for your businesses website then yes you do and you need to take some actions... Let's start with the background, Cookies.... What are they and why do I need to know? Techie bit....A cookie is a text file placed on your computer by a website you visit, which it then also retrieves when you return to the site using the same browser. It can contain any text based information, but it cannot be used to spread viruses or other malicious software. What are they used for? Cookies are in the main very helpful in providing you the user with an enhanced website experience. Some cookies allow a website to display content appropriate to the user, for example if you are on an On-line Shop site and want to buy a product, a cookie can be used to allow you to view your basket and make the final purchase at the checkout. Very helpful Cookie! Some cookies are designed to provide user statistical data to the website owner so they can continually improve the website content with the end user in mind. You may have heard of Google Analytics. GA does that very reporting for many websites, both UK and overseas. Some cookies are behavioural cookies, which are designed to identify what a user has searched for and then display 3rd party advertising appropriate to the user's recent searches. These along with Google analytics tended to be the focus of those who wanted to implement the privacy law which comes into full effect this year. Now, Cookies have been around for many years, and they have provided us with enhanced website experience over these years... so what has changed? On the 26 May 2011 (yes 2011) an EU (bless them) privacy law (Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR)) came into effect across the whole of the EU!!! As we know when this happens all members states take notice and action EU laws' instantly. Well no not true, only a handful of member states (Denmark, Estonia and the UK) have ratified the law. Here in the UK, our government through the ICO (information Commissioners Office) gave UK businesses a year's grace period to take the necessary actions to comply with the law as the ICO realised at the 11th hour that the UK wasn't ready! So May 2011 is NOW 25 MAY 2012!!! What is the Change? The law states that users must be able to give 'informed consent' for the use of cookies. The 'informed' element means that websites need to tell people what cookies they use, and what their purpose is. Consent itself is defined as "any freely given specific and informed indication of the user's wishes". However there is no prescribed method by which consent can be given by the user to the website. The previous rule on using cookies for storing information was that you had to: • tell people how you use cookies, and • tell them how they could 'opt out' if they objected. Many websites did this by putting information about cookies in their privacy statements, however from May 25th 2012 UK websites must give the user the ability to opt-in to accepting the cookies generated by the website. What are my options? 1. Ignore the law it will go away -- well sorry no it won't and if you do ignore the law any website not compliant is open to enforcement action from the ICO, whose powers include the ability to impose a fine of up to £500,000. 2. Stop using Cookies on your website -- unlikely as most websites (90%+) use cookies as part of the framework of a website. 3. Get the permission and take the appropriate steps. OK, Let's do it... So what do I need to do: There is a checklist of actions from the ICO: 1. Check what type of cookies and similar technologies you use on your website and how you use them. 2. Assess how intrusive your use of cookies is. 3. Decide what solution to obtain consent will be best in your circumstances. In a nutshell, What should I do. 1). Get a cookie audit -- find out what cookies you have on your site. 2). Update your privacy policy and terms and conditions with this information before 25th May 2012. 3). If your site has Cookies, create the opt-in function on your website ready for 25th May 2012.